yaracroft @venom@nanao.cybtex.fr

iPhone apps are now required to ask your permission if they want to track you and your activity across other apps. Big step in the right direction for privacy.

https://www.eff.org/deeplinks/2021/04/apples-apptrackingtransparency-upending-mobile-phone-tracking

Windows Defender's VDM Format

https://github.com/commial/experiments/tree/master/windows-defender/VDM

Once installed, Panda Stealer can collect details like private keys and records of past transactions from its victim's various digital currency wallets, including Dash, Bytecoin, Litecoin, and Ethereum. Not only does it target cryptocurrency wallets, it can steal credentials from other applications such as NordVPN, Telegram, Discord, and Steam. It's also capable of taking screenshots of the infected computer and exfiltrating data from browsers like cookies, passwords, and cards.

https://www.trendmicro.com/en_us/research/21/e/new-panda-stealer-targets-cryptocurrency-wallets-.html

I See Dead μ ops: Leaking Secrets via Intel/AMD Micro-Op Caches

http://www.cs.virginia.edu/~av6ds/papers/isca2021a.pdf

La cybercriminalité génère des milliards et pousse des sociétés vers la faillite

https://www.rts.ch/info/sciences-tech/12173038-la-cybercriminalite-genere-des-milliards-et-pousse-des-societes-vers-la-faillite.html

21Nails : Multiple Vulnerabilities in Exim Mail Server

https://www.qualys.com/2021/05/04/21nails/21nails.txt

Remote zero-click security vulnerabilities in an open-source software component ( ConnMan ) used in Tesla automobiles

https://tbone.sh

Doubledrag, Doubledrop and Doubleback - 3 new malware families used in a widespread phishing campaign entrenched in financial crime. The threat actors behind the malware, described as « experienced and well-resourced,» are being tracked as UNC2529.

https://www.fireeye.com/blog/threat-research/2021/05/unc2529-triple-double-trifecta-phishing-campaign.html

Flashpoint has validated recently leaked documents that indicate Iran's Islamic Revolutionary Guard Corps (IRGC) was operating a state-sponsored ransomware campaign through an Iranian contracting company called Emen Net Pasargard (ENP) (aka « Imannet Pasargad » , « Iliant Gostar Iranian » , « Eeleyanet Gostar Iraniyan ». These 3 documents were originally leaked between March 19 and April 1, 2021, by the Iranian dissident group « Lab Dookhtegan » famous for providing highly reputable intelligence on Iranian state-sponsored cyber programs.

https://www.flashpoint-intel.com/blog/second-iranian-ransomware-operation-project-signal-emerges/

Fest­nah­men von mut­maß­lich Ver­ant­wort­li­chen und Mit­glie­dern der kin­derpor­no­gra­fi­schen Dar­knet­platt­form « BOY­STOWN » und Ab­schal­tung die­ser Platt­form

https://www.bka.de/DE/Presse/Listenseite_Pressemitteilungen/2021/Presse2021/210503_pmboystown.html

(patch now) iOS 14.5.1

https://support.apple.com/en-us/HT212336

(patch now) Pulse Connect Secure 9.1R11.4

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784

Alaska Court System (courts.alaska.gov) temporarily suspends Online Services due to cybersecurity attack - A cyberattack has caused the Alaska Court System (ACS) to disconnect most of its operations from the internet, an act expected to block electronic court filings, disrupt online payments and prevent hearings from taking place by videoconference for several days.

https://www.adn.com/alaska-news/crime-courts/2021/05/01/unidentified-cyberattackers-force-alaska-court-system-to-disconnect-from-internet/

A ransomware attack on the Resort Municipality of Whistler (RMOW) could have far-reaching consequences, according to a cyber security expert, but there’s no way of knowing for sure until a full forensic investigation is completed. In a recent post to the dark web, the cyber criminals claim to have accessed about 800 gigabytes of RMOW data.

https://www.piquenewsmagazine.com/local-news/whistler-ransomware-attack-could-affect-thousands-3681140

Families of organ, eye and tissue donors are receiving letters this week from the Midwest Transplant Network informing them of a data breach affecting more than 17,000 individuals. The breach, a malicious ransomware attack, occurred in February and locked Midwest Transplant Network out of its files for a brief period before it was able to regain access.

https://www.kcur.org/health/2021-05-03/ransomware-attack-on-midwest-transplant-network-affects-more-than-17-000